| author | Michael Krelin <hacker@klever.net> | 2008-02-19 10:51:12 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2008-02-19 10:51:12 (UTC) |
| commit | a3db32747e8370cab8cfdcc382fee875613b7b77 (patch) (side-by-side diff) | |
| tree | 2d11728a195a85907f06c3f920e405f1d1c769cd /lib | |
| parent | c18b77c610d0f963a274420a6558629d198818ee (diff) | |
| download | libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.zip libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.tar.gz libopkele-a3db32747e8370cab8cfdcc382fee875613b7b77.tar.bz2 | |
use local array for hmac when calculating signature
Signed-off-by: Michael Krelin <hacker@klever.net>
| -rw-r--r-- | lib/util.cc | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/util.cc b/lib/util.cc index b85a377..bb8a2e8 100644 --- a/lib/util.cc +++ b/lib/util.cc @@ -1,62 +1,64 @@ #include <errno.h> #include <cassert> #include <cctype> #include <cstring> #include <vector> #include <string> #include <stack> #include <algorithm> #include <openssl/bio.h> #include <openssl/evp.h> +#include <openssl/sha.h> #include <openssl/hmac.h> #include <curl/curl.h> -#include "opkele/util.h" -#include "opkele/exception.h" +#include <opkele/util.h> +#include <opkele/exception.h> +#include <opkele/debug.h> #include <config.h> #ifdef HAVE_DEMANGLE # include <cxxabi.h> #endif namespace opkele { using namespace std; namespace util { /* * base64 */ string encode_base64(const void *data,size_t length) { BIO *b64 = 0, *bmem = 0; try { b64 = BIO_new(BIO_f_base64()); if(!b64) throw exception_openssl(OPKELE_CP_ "failed to BIO_new() base64 encoder"); BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL); bmem = BIO_new(BIO_s_mem()); BIO_set_flags(b64,BIO_CLOSE); if(!bmem) throw exception_openssl(OPKELE_CP_ "failed to BIO_new() memory buffer"); BIO_push(b64,bmem); if(((size_t)BIO_write(b64,data,length))!=length) throw exception_openssl(OPKELE_CP_ "failed to BIO_write()"); if(BIO_flush(b64)!=1) throw exception_openssl(OPKELE_CP_ "failed to BIO_flush()"); char *rvd; long rvl = BIO_get_mem_data(bmem,&rvd); string rv(rvd,rvl); BIO_free_all(b64); return rv; }catch(...) { if(b64) BIO_free_all(b64); throw; } } void decode_base64(const string& data,vector<unsigned char>& rv) { BIO *b64 = 0, *bmem = 0; rv.clear(); try { bmem = BIO_new_mem_buf((void*)data.data(),data.size()); if(!bmem) throw exception_openssl(OPKELE_CP_ "failed to BIO_new_mem_buf()"); @@ -375,58 +377,59 @@ namespace opkele { pair<const char*,const char*> mp = mismatch( nrealm.c_str()+pr,nrealm.c_str()+lr, nu.c_str()+pu); if( (*(mp.first-1))!='/' && !strchr("/?#",*mp.second) ) return false; return true; } string abi_demangle(const char *mn) { #ifndef HAVE_DEMANGLE return mn; #else /* !HAVE_DEMANGLE */ int dstat; char *demangled = abi::__cxa_demangle(mn,0,0,&dstat); if(dstat) return mn; string rv = demangled; free(demangled); return rv; #endif /* !HAVE_DEMANGLE */ } string base64_signature(const assoc_t& assoc,const basic_openid_message& om) { const string& slist = om.get_field("signed"); string kv; string::size_type p=0; while(true) { string::size_type co = slist.find(',',p); string f = (co==string::npos) ?slist.substr(p):slist.substr(p,co-p); kv += f; kv += ':'; kv += om.get_field(f); kv += '\n'; if(co==string::npos) break; p = co+1; } const secret_t& secret = assoc->secret(); const EVP_MD *evpmd; const string& at = assoc->assoc_type(); if(at=="HMAC-SHA256") evpmd = EVP_sha256(); else if(at=="HMAC-SHA1") evpmd = EVP_sha1(); else throw unsupported(OPKELE_CP_ "unknown association type"); unsigned int md_len = 0; - unsigned char *md = HMAC(evpmd, + unsigned char md[SHA256_DIGEST_LENGTH]; + HMAC(evpmd, &(secret.front()),secret.size(), (const unsigned char*)kv.data(),kv.length(), - 0,&md_len); + md,&md_len); return encode_base64(md,md_len); } } } |